Satori: Open-source Course Management System; Analyzing the NSA's Role in Russia's NotPetya Cyberattack Using Rule-Consequentialism

My technical report and STS research are bridged by each’s reflection on the impact of software design. While both consider how various properties of software influences the reliability, user behavior, and security of a piece of software, the STS research focuses primarily on the potential user misbehavior and the ethical implications of design decisions; my technical project is an exercise in software design’s impact on application performance. Together, these broadly analyze the potential repercussions of design decisions made in the process of developing software tools and applications.

The technical project is the development of a new course tools management solution for the CS 2150: Program and Data Representation class. The existing software solution has run into maintenance difficulties due to the dated primary coding language used for the web framework. Our new web application not only looked to update the codebase to use a highly popular and modern framework but also gave my capstone team the chance to fundamentally redesign the architecture, features, and user experience being offered to students, teaching assistants, and instructors. Our goal was to lay the necessary groundwork for an open source course management solution that addresses the nuances of traditional computer science curriculum with immediate functionality in areas of greatest inefficiencies. By the conclusion of our work, we designed and completed the foundation of the application and implemented an office hours queueing system that is being utilized in production by two of the largest undergraduate computer science courses at the university.

The STS research project examines how poor software design can enable use cases that are destructive to the original goal of the design. The paper covers the case of EternalBlue, a hacking toolkit developed by the NSA for cyberespionage. When this toolkit is stolen and released publicly, its ease of use combined with the organization’s lack of transparency allowed the tool to quickly be perverted into many different malicious exploits, including the NotPetya ransomware that compromised the security of American businesses the NSA purports to protect. My research deploys the ethical framework of rule consequentialism using an adaptation of Just War Theory for cyberwarfare as a guideline to better understand the morality of the NSA’s actions. I argue that the NSA’s awareness of EternalBlue’s wormability and extreme integrity impact coupled with evidence of its own speculation of potential misuse by malicious actors requires the organization to be held jointly responsible for Russia’s violation of Just War Theory under rule consequentialism.

Working on the two projects simultaneously allowed for a healthy dose of symbiotic refection where understanding gained from one work directly influenced ideas in the other. My STS research led to a broader understanding of potential security vulnerabilities that could then be avoided in my technical work. It also allowed me to employ the consequentialist tactic of moral imagination to envision the possible ramifications that could result from particular design choices. The technical work helped me to understand the scope of control an engineer has over his or her work during the design process and the degree to which engineers could be reasonably held responsible for their decisions. The practical experience gained from the technical project and the ethical and security considerations from my STS research substantially improved my overall understanding of the software design process.

School of Engineering and Applied Sciences
Bachelor of Science in Computer Science
Technical Advisor: Aaron Bloomfield
STS Advisor: Benjamin Laugelli
Technical Team Members: Disha Jain, Andrew Lewis, Winston Liu, Austin Sullivan